OIDC login not working on self hosted env
sanjay-alraedah opened this issue
Describe the bug
Using Oracle OCI IDCS configuration for a self-hosted infrahq cluster. OIDC login returns 200, but in the GUI it's throwing unauthorised, and in the server logs the errors below are coming:
{"level":"info","error":"unauthorized: login failed: failed to login: exhange code for tokens: ID token claim is missing an email address","method":"POST","path":"/api/login","statusCode":401,"remoteAddr":"10.244.0.17:49742","time":1695661674938,"caller":"server/routes.go:208","message":"api request error"}
Expected behavior
It should log in to the infrahq GUI, as the OIDC login has already been performed.
Screenshots
Environment
Server Helm chart installed version : 0.1.3, App Version 0.21.0
Client Helm chart version : 0.1.3, App Version 0.21.0
$ infra version
Client: 0.21.0
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.9", GitCommit:"a1a87a0a2bcd605820920c6b0e618a8ab7d117d4", GitTreeState:"clean", BuildDate:"2023-04-12T12:16:51Z", GoVersion:"go1.19.8", Compiler:"gc", Platform:"darwin/arm64"}
Kustomize Version: v4.5.7
Server Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.2", GitCommit:"b6943c3c67cd1e3b8a1269566e755e899ed25ce2", GitTreeState:"clean", BuildDate:"2023-06-23T15:16:54Z", GoVersion:"go1.20.4 4493 X:boringcrypto", Compiler:"gc", Platform:"linux/amd64"}
OKE services on Oracle OCI cloud.
Relevant Infra Logs
{"level":"info","error":"unauthorized: login failed: failed to login: exhange code for tokens: ID token claim is missing an email address","method":"POST","path":"/api/login","statusCode":401,"remoteAddr":"10.244.0.17:49742","time":1695661674938,"caller":"server/routes.go:208","message":"api request error"}
Additional context
I think that means that you have not added the email attribute to the token claim.
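
Added example, not part of the original thread and not Infra's own code: a troubleshooting helper that decodes the payload of an ID token returned by the identity provider and reports whether the `email` claim is present, which is the condition named in the logged error. The names `checkEmailClaim` and `makeToken` are hypothetical, the sample tokens are constructed, and the signature is deliberately not verified, so this is for inspecting claims only, never for authenticating a user.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// idTokenClaims holds the subset of ID token claims relevant to this check.
type idTokenClaims struct {
	Subject string `json:"sub"`
	Email   string `json:"email"`
}

// checkEmailClaim decodes the payload of a compact JWT (header.payload.signature)
// WITHOUT verifying the signature and returns the email claim if it is set.
func checkEmailClaim(rawIDToken string) (string, error) {
	parts := strings.Split(rawIDToken, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("not a compact JWT: got %d parts, want 3", len(parts))
	}
	payload, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	if err != nil {
		return "", fmt.Errorf("decode payload: %w", err)
	}
	var claims idTokenClaims
	if err := json.Unmarshal(payload, &claims); err != nil {
		return "", fmt.Errorf("parse claims: %w", err)
	}
	if strings.TrimSpace(claims.Email) == "" {
		return "", fmt.Errorf("ID token for sub %q has no email claim", claims.Subject)
	}
	return claims.Email, nil
}

// makeToken builds an unsigned, constructed sample token for the demo below.
func makeToken(claimsJSON string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(claimsJSON)) + ".sig"
}

func main() {
	for _, c := range []string{`{"sub":"user-1"}`, `{"sub":"user-1","email":"user@example.com"}`} {
		email, err := checkEmailClaim(makeToken(c))
		fmt.Printf("email=%q err=%v\n", email, err)
	}
}
```

If the first case matches a real token from the provider, the fix belongs in the provider's client configuration (the claims or scopes it releases), not in the Infra server.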